In today's technological environment, it is common for business enterprises and other organizations to deploy private computer networks—intranets—to securely share the organization's information or network operating systems within that organization. The term “intranet” is used in contrast to “internet”, which is a network between organizations, the most common of which is the global, public Internet. That is, an intranet is a network within an organization; the term sometimes refers only to the organization's internal (private) website, but an intranet may be a more extensive part of the organization's information technology (IT) infrastructure. It may host multiple private websites and constitute an important component and focal point of internal communication with, and collaboration among, individual computer users associated/affiliated with the organization (e.g., students within a university, co-workers within a company or local, state or federal government department or agency, co-workers within a charitable or any other type of organization).
As individual computer users associated/affiliated with the organization perform various computer-based activities while logged into the organization's intranet, there is a constant stream of activities occurring, such as navigating to URLs, opening and editing documents, writing, opening and reading email messages, and the like. Information about these activities can be very useful (e.g., for augmenting documents with extra information, improving search results, creating automatic news feeds, sending social networking announcements, etc.). Normally, however, such information is not collected within intranets and is lost. Yet collecting, consolidating, storing and exposing activity information, while ensuring that privacy requirements are met, allows a number of high-value services to be built and offered based on such information.
Should such information be collected, there is one concern that must be addressed—privacy. That is, protecting personal privacy is more complex in the information age. As more and more business is transacted “online,” the volume of personal information available on computer networks continues to grow. Thus, individuals using these computer networks are demanding greater control over how their personal information is stored, used and shared. Also, organizations are seeking better ways to manage and safeguard the sensitive personal data in their custody. In response, many governments on the national (e.g., federal), state, and local level have passed laws dealing with individuals' privacy—especially concerning Personally Identifiable Information (PII), which is any information that identifies or can be used to identify, contact, or locate the person to whom such information pertains, or from which identification or contact information of an individual person can be derived. More specifically, PII includes names, addresses, and phone numbers as the more obvious examples. Email addresses and IP addresses may also be included in this category. An emerging category of such information includes geo-location information that allows the sharing of the physical location of the user, a feature that is becoming popular in location-based services and social networking scenarios.
Sensitive PII includes financial profiles, health profiles, national ID numbers, social security numbers, credit card information, and other information designated as such by legislation (e.g., race, ethnicity, political opinions, religious or philosophical beliefs, trade-union membership, sex life, etc.). Collecting sensitive PII data may bring enhanced exposure to legal, regulatory, and political risks and requires additional safeguards for data security, integrity and notice.
Collective information is a subtler matter when spotting privacy issues, because a single piece of information, such as website usage, would seem relatively benign and by itself would not be PII. However, data collected over time on online behavior, such as search, web surfing, and social networking habits, may eventually allow the user's identity to be discovered using data mining and correlation methods.
Privacy concerns are exacerbated in the context of private networks such as intranets. This is because use of these private networks requires users to log in with a “user id” and password assigned by the owner of the network (e.g., the user's employer). This destroys the anonymity provided by other networks such as the Internet.
Given the foregoing, what are needed are systems, methods and computer program products for facilitating the collection of data within a computer network (especially an intranet) to allow for the provisioning of high-value services while complying with applicable privacy laws and regulations, as well as individual organizations' rules and policies addressing intranet users' privacy.